Less Is More: Advanced Malware Represents a Small Percentage of Enterprise Threats, But Packs Highest Impact

When it comes to both low-impact and advanced malware, the numbers are staggering. PandaLabs recently reported that nearly one-third (31.6 percent) of all PCs worldwide are infected with malware; after assessing over 100 enterprises around the world, TrendMicro concluded that 100 percent of enterprises had undetected malware; and a recent Ponemon Institute study of 130 enterprise organizations throughout the world found 11 percent of desktops, laptops or other mobile data-bearing devices had been infected by malware in any given month.

While certainly disturbing, these figures are also a bit misleading. The term “malware” represents a broad range of malicious software that affects end user devices in different ways. Most malware is considered to be “nuisance-ware,” which requires user and administrative resources to remediate and mostly leads to diminished productivity. Advanced malware, a far more dangerous form, steals sensitive data and communicates it to the attacker. Advanced malware presents a potentially devastating operational risk to the enterprise since it is specifically designed to steal and exfiltrate employee access credentials and sensitive corporate data.

The Growing Threat of Advanced Malware

Recent IBM analysis found that approximately 1 in every 500 employee endpoints is infected with sophisticated, information-stealing malware at any point in time. The IBM Security malware research team continuously analyzes information received from tens of millions of user endpoints and hundreds of organizations using IBM Security Trusteer solutions to protect their Web applications, computers and mobile devices from online threats.

Many of these users and organizations deal with highly sensitive financial transactions on a daily basis and are therefore constantly targeted by fraudsters and cyber criminals. Additionally, organizations are increasingly concerned about advanced persistent threats targeting their employee endpoints in an attempt to gain valuable business information such as intellectual property, legal documents and operational data.

2014 Ponemon Study: The Economic Impact of Advanced Persistent Threats (APTs)

This highly advanced malware exists within the broader malware infection statistics, which include a variety of malware categories. Although relatively small in number, this type of malware can have a huge impact. Because most malware detection software is designed to find standard, known malware — and because standard, known malware represents the vast majority of enterprise malware — most organizations falsely believe they are finding and eliminating virtually all malware threats. This is exactly what the advanced malware attackers want them to believe. While many organizations are satisfied with their malware detection statistics, this small sliver of advanced malware goes undetected and remains in position to cause devastating damage.

Rather than focus on the total number of PCs infected globally or within an average organization, all organizations should focus on the 1 in 500 employee devices that are infected with advanced data-stealing malware. This type of malware has highly evolved evasion capacities that render it virtually invisible to most malware detection applications. Mandiant recently reported that 94 percent of the time, enterprises only find out about a compromise due to a third-party notification. Advanced malware can compromise an employee’s device, steal sensitive data and continue to access the corporate network without being detected. It’s highly likely that it’s happening in your organization right now; you just don’t know it yet.

more from Malware

Raspberry Robin and Dridex: Two Birds of a Feather

IBM Security Managed Detection and Response (MDR) observations coupled with IBM Security X-Force malware research sheds additional light on the mysterious objectives of the operators behind the Raspberry Robin worm. Based on a comparative analysis between a downloaded Raspberry Robin DLL and a Dridex malware loader, the results show that they are similar in structure and functionality. Thus, IBM Security…

From Ramnit To Bumblebee (via NeverQuest): Similarities and Code Overlap Shed Light On Relationships Between Malware Developers

A comparative analysis performed by IBM Security X-Force uncovered evidence that suggests Bumblebee malware, which first appeared in the wild last year, was likely developed directly from source code associated with the Ramnit banking trojan. This newly discovered connection is particularly interesting as campaign activity has so far linked Bumblebee to affiliates of the threat group ITG23 (aka the Trickbot/Conti…